If it's not a secret, why do you need to separate your networks in that way? You can still use 1 workstation with VLAN settings and IEEE 802.1X or even have two NICs in one workstation. As others stated, you would need to take care of other equipment first and I don't believe that RF shielding is something hackers would start to crack first :) If you want to have a secondary layer, then just build a cage around your server racks, like they do in datacentres for separation.

So, you have a metal cage that is grounded, does this not make this an If metal racks are assembled correctly, then every part is also grounded with a ground wire. My boss used to say, "If I turn on the bulb, you should be able to detect the light - although it will be greatly attenuated." We used to discuss the model of a 100W light bulb encased in a 50-foot thick concrete block. A big one for TEMPEST is metal ducting - it acts like waveguide. I'd have better luck spying on a server through the AC mains, probably. Yes, the more noise in the environment, the harder it is to pick out a signal. If the wired network is tapped into either directly or by malware on PCs then you are vulnerable to a data breach. I totally agree with you about physical security. In the case of a server room, I would have thought that even if you could get a detector in there then the jumble of signals would take rather specialist equipment to filter out relevant ones and then the processing of them would be tremendously hard. Do you know if it can really be done with up to date HDMI monitors and laptop screens from good manufacturers when the environment is jammed with much EMR from loads of devices as you get these days? I know that you could pick up CRT monitor EMR and with the right equipment duplicate the screen display and I have read about reports that some LED monitors also leak radiation for the same trick to work.
More expensive than the VPN but a great option and easier to manage than the additional computers. Or access via an internal terminal server client on the wifi PC. Or just use a VPN for the private network. You need to drop the wireless network if it's that concerning. I don't have all of the facts but the two networks and two computers sounds like a horrible plan. Remote session on a terminal server would be better. Virtual PCs would be a lot of maintenance as you are still doubling the number of desktops. To get around this, use a virtual PC hosted on the desktop which can see only one of the adaptors (namely the wifi one).

The problem with this approach however is that you essentially have a point of convergence - the desktop, creating a loophole. This would mean you could utilise the same core network infrastructure and one desktop for both if you installed a wifi adaptor in the devices. I'd look into setting up some VLANs on your network and assigning corporate traffic to be routed through one while the public wifi through another.

Making sure that only necessary equipment has access to the network is good and perhaps having means to check who and what has accessed the data is also good.

I suppose that in theory someone could wrap a detector around one of your cables and being close enough it could be able to "listen" to traffic on that cable and to me that would be an easier attack method though plugging into someone's PC would be easier. In all probability, any determined potential snooper will find much easier ways to access company data from staff stupidities to plugging into your wired network. I suppose that lining the room with earthed well connected chicken wire will help. Where are the servers and are they in locked rooms? For if they are not easily accessed then a "spy" will have trouble setting up equipment to catch RF signals and if the servers are in a brick room then that will also limit opportunities.
I used the word limited because for example cables are twisted pairs and that reduces radiation, rack equipment are normally metal enclosures which can have "holes" but again it will tend to limit radiation. What kind of equipment would you need to pick up the limited EM radiation and filter and analyse it for relevant data - none that I know of. In a spy novel this lack of RF shielding may give access but in reality I can't see it.